Table of contents

Introduction

The MSAL preview library for JavaScript gives your app the ability to begin using the Microsoft Cloud by supporting Microsoft Azure Active Directory and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. This sample us a JavaScript Single Page with an ASP.NET backend. It demonstrates all the normal lifecycles your application should experience, including:

Copy the Application Id (also named ClientID) to the clipboard. This is the unique identifier for your app.

Under Platforms, choose Add Platform.

Choose Web.

Make sure the Allow Implicit Flow check box is selected, and enter https://localhost:44302/ as the Redirect URI.

Choose Save.

Build and run the sample

Download or clone the repository for this sample.

Using your favorite IDE, open app.js in App/scripts.

Replace the clientId GUID with the application ID of your registered Azure application that you pasted in the clipboard.

open Web.config in the root of the application.

Replace the value of the Ida::Audience application setting with the application ID of your registered Azure application (same GUID that you pasted to the clipboard). Note that Ida::Tenant is not currently set in the Web.config as all AAD V2 web APIs are currently multi-tenant.

Run the application in Visual Studio, for choose, from the toolback under the main menubar, which browser to use and use the Debug | Start without debugging command. The browser opens, navigating to http://localhost:44302.

When the page gets displayed, click on the Login button.

When the popup window appears, sign-in with your personal or work or school account and grant the requested permissions.

Click on User to see information about the Signed-in user, and TodoList to edit the todo list (you can add, delete, edit new items)

About the code.

The creation of the user agent application is done in app.js, configured by the clientID.

when the user presses the login button (sign-in happens, in app.js by a call to loginPopup().

when the user presses Todo, the list is fetched from the ASP.NET backend. this happens in todoListCtrl.js, by attempting to call acquireTokenSilent, and then, if it fails calling acquireTokenPopup. The access token is then used to call the backend (which has the same clientID as the JavaScript front-end). This happens in getTodoList.

when the user presses the logout button (sign-out happens, in app.js through a call to logout().

Community Help and Support

We use Stack Overflow with the community to provide support. We highly recommend you ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [msal.js].

If you find and bug or have a feature request, please raise the issue on GitHub Issues.

Security Library

This library controls how users sign-in and access services. We recommend you always take the latest version of our library in your app when possible.

Security Reporting

If you find a security issue with our libraries or services please report it to secure@microsoft.com with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.